[CentOS-devel] new krb5 packages break freeIPA

Wed Jul 1 18:22:03 UTC 2020
Alexander Bokovoy <abokovoy at redhat.com>

On Wed, 01 Jul 2020, lejeczek via CentOS-devel wrote:
>
>
>On 01/07/2020 17:55, Alexander Bokovoy wrote:
>> On Wed, 01 Jul 2020, lejeczek via CentOS-devel wrote:
>>> hi guys
>>>
>>> latest in the repo krb5 packages - 1.18.2-2.el8 - break
>>> freeIPA if already installed and conflict if want to
>>> install.
>>>
>>> # dnf install -y ipa-server-dns
>>> Last metadata expiration check: 1:21:31 ago on Wed 01 Jul
>>> 2020 11:00:25 BST.
>>> Error:
>>>  Problem: package
>>> ipa-server-dns-4.8.4-7.module_el8.2.0+374+0d2d74a1.noarch
>>> requires ipa-server = 4.8.4-7.module_el8.2.0+374+0d2d74a1,
>>> but none of the providers can be installed
>>>   - conflicting requests
>>>   - nothing provides krb5-kdb-version = 7.0 needed by
>>> ipa-server-4.8.4-7.module_el8.2.0+374+0d2d74a1.x86_64
>>
>> There should be no 1.18 in RHEL 8.2 at all, therefore CentOS 8.2 should
>> not have krb5 1.18.
>>
>> If you are using CentOS Stream, please make it clear in describing your
>> configuration.
>>
>> I can see krb5-1.18.2 in c8s branch here:
>> https://git.centos.org/rpms/krb5/c/10fa7093df15784c58e82f89ba3e2a5ee0245991?branch=c8s
>>
>> There is no corresponding update for idm module, though.
>>
>> There is no c8s-version of c8-stream-DL1 branch and therefore there is
>> no idm:DL1 module rebuild.
>>
>> Until that part is fixed, CentOS Stream is unusable for IdM deployments.
>>
>> Please note that none of RHEL developers responsible for IdM have any
>> say or control how things get merged into CentOS. If there are problems
>> like this one nobody but CentOS maintainers could help. In case of
>> CentOS 8 stream, it seems the whole process is done by a robot and I
>> have no idea how this robot handles modular builds (and when).
>>
>>
>And that seems to be a great shame, quite frankly I felt
>this way for long months, probably since C8 release.
>
>Maybe you guys @redhat could(should ?) take over "idm"
>module in Centos, or Centos' owners could ask for help and
>delegate "idm" over to you.

There is no process that allows it, as far as I know, at least for
CentOS Stream. Would be good to see any change, though.

>FreeIPA is way!!! too important to afford such cock-ups and it's
>been quite a wobbly ride on C8 since the beginning.
>Centos is a poor man's choice but still seriously taken &
>deployed to critical environments and if my opinion is not
>an isolated one, then everybody will agree freeIPA must be
>taken care of properly.

Thank you for testing these scenarios and reporting them back.


-- 
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
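
The dependency failure in this thread can be caught before a krb5 update is applied to an IdM host by comparing the `krb5-kdb-version` capability that `ipa-server` requires with the one a candidate `krb5-server` build provides. The following is an added example, not part of the original messages; the function names are hypothetical, and the `8.0` provides line is a constructed sample value, not taken from the thread.

```shell
#!/bin/sh
# Added example: pre-update check for the krb5-kdb-version capability.
# Input is rpm-style capability text, one capability per line, e.g. the
# output of `rpm -q --requires ipa-server` or `rpm -q --provides krb5-server`.

# Print the version from the first "krb5-kdb-version = X" line on stdin.
kdb_version() {
    awk '$1 == "krb5-kdb-version" && $2 == "=" { print $3; exit }'
}

# kdb_compatible REQUIRES_TEXT PROVIDES_TEXT
# Returns 0 if both sides name the same krb5-kdb-version,
#         1 if the versions differ (update would break the dependency),
#         2 if either side does not carry the capability at all.
kdb_compatible() {
    _need=$(printf '%s\n' "$1" | kdb_version)
    _have=$(printf '%s\n' "$2" | kdb_version)
    [ -n "$_need" ] && [ -n "$_have" ] || return 2
    [ "$_need" = "$_have" ]
}

# Demo on embedded text. The requires line matches the dnf error in the
# thread; the provides lines are constructed for illustration.
sample_requires='krb5-server
krb5-kdb-version = 7.0'
sample_provides='krb5-server = 1.18.2-2.el8
krb5-kdb-version = 8.0'

if kdb_compatible "$sample_requires" "$sample_provides"; then
    echo "krb5-kdb-version matches: update is safe for ipa-server"
else
    echo "krb5-kdb-version mismatch or missing: hold the krb5 update"
fi

# On a live host the two inputs would come from the package tools:
#   req=$(rpm -q --requires ipa-server)
#   prov=$(dnf -q repoquery --latest-limit 1 --provides krb5-server)
#   kdb_compatible "$req" "$prov" || echo "hold the krb5 update"
```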